Remko Weijnen's Blog (Remko's Blog)
About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
In part 1 I showed how to create and open objects in Terminal Server Sessions. However, these are not all of the possible places where you can place objects via documented kernel32.dll functions.
If we look into Winobj again, we notice, that every BaseNamedObjects directory has a subdirectory named Restricted. To be honest, I do not know why it’s created; it’s security allows object creation for LocalSystem and RESTRICTED special user (in windows 2000, Everyone can also create objects in it). So, we can use it as prefix for object creation, for example, Restricted\MyAppEvent: 
Of course, you can still use Global, Local, or Session links for accessing objects in Restricted directory, e.g. Global\Restricted\Objname, Session\6\Restricted\Objname. You can always create objects in Global\Restricted directory, while may fail creating objects in session’s Restricted directory.
What if you will use Session link, but do not add the session number to it (like Session\MyAppEvent)? It is allowed, and you’ll have your object created into the \Sessions\BNOLINKS directory: 
So if you want to hide your object, but still share it with someone else, you can use it.
Download new SessionObjects version 1.1: it creates objects in all possible places.
Session Objects 1.1 (1220 downloads)Profile
Top Posts
- How rdp passwords are encrypted
- Enable Developer mode on VW Discover Pro with VCDS
- Switch SATA Operation Mode
- ClickOnce Applications in Enterprise Environments
- Running multiple instances of Lync (howto)
- SasLibEx 2.0 Release Announcement
- Wordpress and the Cookie Monster
- VW RNS 510 Navigation Startup Pictures
- RNS 315 Enable Developer Mode
- Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
Recent Comments
Featured Downloads
- AClientFix (4885 downloads)
- AddPrinter2.zip (4423 downloads)
- AdProps (4282 downloads)
- AdSample1 (3716 downloads)
- AMD Radeon Crimson ReLive (4797 downloads)
- Atheros Driver (26123 downloads)
- AutoLogonXP 1.0 (3661 downloads)
- CDZA (2538 downloads)
- ChDrvLetter.zip (4177 downloads)
- ChDrvLetter.zip (5431 downloads)
Blogroll
- Andrew Morgan
- Arnout’s blog
- Assa’s Blog
- Barry Schiffer
- Delphi Praxis
- Ingmar Verheij
- Jedi Api Blog
- Jedi API Library
- Jeroen Tielen
- Kees Baggerman
Categories
- .NET (4)
- Active Directory (28)
- Altiris (36)
- App-V (1)
- Apple (5)
- Application Compatibility (11)
- Automotive (5)
- AWS (1)
- BootCamp (1)
- C# (6)
- C++ (2)
- Citrix (87)
- Delphi (61)
- Embedded (4)
- Exchange (16)
- General (71)
- iPhone (5)
- Java (8)
- Linux (1)
- Lync (2)
- NetScaler (1)
- Oracle (4)
- Other (1)
- Packaging (19)
- PowerShell (56)
- Programming (79)
- Quest (1)
- RES (7)
- script (22)
- ShareFile (1)
- SQL Server (10)
- Strange Error (3)
- Terminal Server (68)
- ThinApp (3)
- ThinKiosk (1)
- Ubuntu (1)
- Unattended Installation (19)
- Uncategorized (51)
- UWP (2)
- Vista (37)
- Visual Studio (1)
- VMWare (26)
- Windows 10 (2)
- Windows 2003 (30)
- Windows 2008 (37)
- Windows 2008 R2 (16)
- Windows 2012 (2)
- Windows 7 (30)
- Windows 8 (4)
- Windows Internals (12)
- Windows XP (16)
Archives
- February 2023 (1)
- October 2022 (3)
- July 2022 (1)
- June 2022 (2)
- October 2019 (1)
- March 2018 (1)
- January 2018 (4)
- December 2017 (3)
- April 2017 (1)
- March 2017 (5)
- February 2017 (4)
- May 2016 (3)
- March 2016 (1)
- October 2015 (2)
- September 2015 (1)
- January 2015 (1)
- August 2014 (1)
- July 2014 (8)
- May 2014 (1)
- November 2013 (1)
- October 2013 (2)
- September 2013 (3)
- August 2013 (4)
- June 2013 (2)
- May 2013 (3)
- April 2013 (5)
- March 2013 (5)
- February 2013 (1)
- January 2013 (5)
- December 2012 (9)
- November 2012 (3)
- October 2012 (3)
- August 2012 (4)
- July 2012 (2)
- June 2012 (1)
- May 2012 (6)
- March 2012 (13)
- February 2012 (12)
- January 2012 (9)
- December 2011 (9)
- November 2011 (4)
- October 2011 (5)
- September 2011 (10)
- August 2011 (10)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (14)
- February 2011 (8)
- January 2011 (32)
- December 2010 (23)
- November 2010 (19)
- October 2010 (10)
- September 2010 (6)
- August 2010 (1)
- July 2010 (1)
- June 2010 (6)
- March 2010 (7)
- February 2010 (3)
- December 2009 (3)
- November 2009 (11)
- September 2009 (2)
- July 2009 (1)
- June 2009 (5)
- May 2009 (1)
- April 2009 (2)
- March 2009 (3)
- February 2009 (6)
- January 2009 (3)
- December 2008 (8)
- November 2008 (5)
- October 2008 (3)
- September 2008 (3)
- August 2008 (3)
- June 2008 (6)
- May 2008 (2)
- April 2008 (3)
- March 2008 (5)
- January 2008 (3)
- December 2007 (3)
- November 2007 (13)
- October 2007 (10)
2 Responses for "Accessing kernel objects in other sessions part 2"
> So if you want to hide your object, but still share it with someone else, you can use it.
If I understand correctly, this is “security by obscurity”? Ie. you are creating the object in an unexpected location, but if someone else did know the location, could still access it? Isn’t this equivalent with appending an arbitrary suffix to your object which is know to both parties? (Ie, instead of MyAppEvent you would create MyAppEvent.31337)
Yes, you’re correct. You can treat the objects and prefixes just like files and directories. Unfortunately, win32 api doesn’t provide a way for enumerating them, so it doesn’t make sense if you would modify your object name, or move it into other directory. I think the most useful info is that you can create the objects with the same name on different session, and access them from any other session.
Leave a reply